1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
//! Sealed marker trait for storage backends that encrypt data at rest.
//!
//! [`EncryptedStorage`] is a sealed marker trait — only implementable inside
//! `scp-platform`. External crates can see and require the trait, but cannot
//! implement it for their own types. This prevents unencrypted backends from
//! satisfying the bound.
//!
//! Production backends (`SqliteStorage`, `AppleStorage`) implement it directly.
//! Custom backends that don't natively encrypt should be wrapped in
//! [`EncryptingAdapter`](crate::encrypting_adapter::EncryptingAdapter), which
//! adds per-value AES-256-GCM encryption and implements `EncryptedStorage`.
//!
//! # Why sealed?
//!
//! Encryption at rest is a security invariant, not a behavioral contract that
//! external code can meaningfully promise. Sealing the trait ensures the
//! compiler enforces the invariant — only code within `scp-platform` can vouch
//! for a backend's encryption.
//!
//! See issue #695 and spec §17.5.
pub
/// Marker trait for [`Storage`](crate::traits::Storage) backends that encrypt
/// data at rest.
///
/// Sealed — only implementable inside `scp-platform`. External crates can
/// require this bound but cannot implement it. Wrap custom backends in
/// [`EncryptingAdapter`](crate::encrypting_adapter::EncryptingAdapter) to
/// satisfy the bound.
// ---------------------------------------------------------------------------
// Blanket impl for Arc<T> — matches the Storage blanket in traits.rs
// ---------------------------------------------------------------------------
// ---------------------------------------------------------------------------
// Implementations for production backends
// ---------------------------------------------------------------------------